Lucene search

[email protected]CVE-2015-4237

HistoryJul 03, 2015 - 10:59 a.m.

CVE-2015-4237

2015-07-0310:59:03

CWE-264

CWE-78

[email protected]

web.nvd.nist.gov

cve-2015-4237

cisco

nx-os

cli parser

arbitrary command execution

local users

nexus devices

security vulnerability

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.2%

JSON

The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), 7.2(0)ZZ(99.1), 7.2(0)ZZ(99.3), and 9.1(1)SV1(3.1.8) on Nexus devices allows local users to execute arbitrary OS commands via crafted characters in a filename, aka Bug IDs CSCuv08491, CSCuv08443, CSCuv08480, CSCuv08448, CSCuu99291, CSCuv08434, and CSCuv08436.

Affected configurations

NVD

Node

cisconx-osMatch7.2\(0\)zz\(99.3\)

AND

cisconexus_93120txMatch-

cisconexus_93128txMatch-

cisconexus_9332pqMatch-

cisconexus_9336pq_aci_spineMatch-

cisconexus_9372pxMatch-

cisconexus_9372txMatch-

cisconexus_9396pxMatch-

cisconexus_9396txMatch-

cisconexus_9504Match-

cisconexus_9508Match-

cisconexus_9516Match-

Node

cisconx-osMatch7.2\(0\)zz\(99.1\)

AND

cisconexus_3016Match-

cisconexus_3048Match-

cisconexus_3064Match-

cisconexus_3132qMatch-

cisconexus_3164qMatch-

cisconexus_3172Match-

cisconexus_3232cMatch-

cisconexus_3524Match-

cisconexus_3548Match-

Node

cisconx-osMatch6.2\(11b\)

AND

ciscomds_9100Match-

ciscomds_9140

ciscomds_9500Match-

ciscomds_9700Match-

Node

cisconx-osMatch9.1\(1\)sv1\(3.1.8\)

AND

cisconexus_1000vMatch-

Node

cisconx-osMatch7.2\(0\)zz\(99.1\)

AND

cisconexus_5548pMatch-

cisconexus_5548upMatch-

cisconexus_5596tMatch-

cisconexus_5596upMatch-

cisconexus_56128pMatch-

cisconexus_5624qMatch-

cisconexus_5648qMatch-

cisconexus_5672upMatch-

cisconexus_5696qMatch-

Node

cisconx-osMatch6.2\(12\)

AND

cisconexus_7000Match-

cisconexus_7700Match-

Node

cisconx-osMatch4.1\(2\)e1\(1\)

AND

cisconexus_4001iMatch-

CPENameOperatorVersion
cisco:nx-oscisco nx-oseq7.2\(0\)zz\(99.3\)

CPE	Name	Operator	Version
cisco:nx-os	cisco nx-os	eq	7.2\(0\)zz\(99.3\)

References

tools.cisco.com/security/center/viewAlert.x?alertId=39583

www.securitytracker.com/id/1032775

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.4 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2015-4237

nessus1 cisco1 cvelist1 nvd1 openvas1 prion1